Forensics school #forensics #school


This text is replaced by the Flash movie.

Forensics by Kalia and Carolyn

Carolyn’s sister Lizzy is celebrating her birthday, but we’re investigating a crime. We returned home to find Lizzy’s party set-up trashed. The cake was half-eaten, presents were thrown all over, and there was even some bright red stuff dripping off the table. This is clearly a birthday whodunit. Our question: How can we use forensic science to finger the culprit?

What did we do?
There were a lot of possibilities for the bandit: our dad, neighbor, Lizzy, and even a balloon-delivery clown were suspects. We found fiber, saliva, and fingerprint samples at the crime scene, so we gathered hair, saliva and fingerprint samples from each suspect. Then we compared the crime scene evidence to our samples and tried to find a match. We also interviewed all the suspects.

What did we find out?
We found fingerprints at the scene for everybody except the clown, so that didn’t narrow things down much. We had a hard time telling the fibers apart under the microscope, but we used a laser pen to estimate the thickness of each fiber. The crime scene fiber didn’t match any of our suspects! Lastly, Kalia’s cousin helped us with DNA testing for the saliva samples, but the crime scene sample proved to be non-human! After asking questions and recreating the scene, Lizzy confessed to breaking into her presents, but the fiber and DNA evidence pointed to a new and FURRY suspect. It was Sammy the family dog who ate the cake!

What can you do?

  • Practice lifting fingerprints like the CSIs do! Using an artist’s paint brush and some dust from a charcoal briquette, apply a light coating of charcoal dust to a surface with fingerprints. Use clear packaging tape to “lift” any prints you see off the glass, then stick the tape onto white paper. You’ve just captured a fingerprint!
  • Ride your bike through some soft sand, and examine the tire tread pattern that is left behind. How does the pattern change if the tires are under-inflated?
  • One kind of forensic analysis involves splashes and splatters. Fill up some water balloons, and throw them at a dry and level paved surface. What distinguishes the splatter of a balloon that falls straight down, compared to one that hits at an angle?
  • Use this forensics investigation as a science fair project idea for your elementary or middle school science fair! Then tell us about it!

  • Department of Computer Science #department #of #computer #science, #sam #houston #state #university, #computing #science, #graduate


    Department of Computer Science

    Welcome to the Digital Age

    The Department of Computer Science at Sam Houston State University is a community of faculty, staff, and students centered in the computing science disciplines. The Department of Computer Science is dedicated to providing the highest quality education possible to its graduate and undergraduate students through excellence in teaching and excellence in research. The department is committed to furthering the pursuit of knowledge and meeting the needs of a diverse society.

    Faculty members in the Department of Computer Science pursue a wide range of interests in the field of computer science, from design of programming languages, to neural networks and other aspects of networking, to data mining, informatics, and cryptography. SHSU computer scientists also make important and timely contributions to the literature of the discipline, including editing of scholarly journals and publication in professional periodicals and at major conferences.

    Quality instruction is a major focus of the department as well. Faculty members teach courses in networking, network security, programming, parallel computing, data structures, steganography, multimedia forensics, and more.

    The department’s special strengths in digital forensics – exemplified by the Center of Excellence in Digital Forensics – demonstrates the faculty’s commitment to serving the public at all levels. The center’s work has great potential utility for law enforcement, public safety, and national security.

    We hope that the information provided on this site will be useful to prospective and current students, faculty members, others in the SHSU community, and the public. Please feel free to contact us for more detailed information about the work of the Department of Computer Science.

    Dr. Peter Cooper, Professor and Chair
    Department of Computer Science
    Sam Houston State University

    Computer Science

    NOVA – Official Website #nova, #the #killer’s #trail, #web, #internet, #activity, #dna, #forensics, #fingerprint, #fingerprinting,


    Create a DNA Fingerprint

    DNA. It s what makes you unique. Unless you have an identical twin, your DNA is different from that of every other person in the world. And that s what makes DNA fingerprinting possible. Experts can use DNA fingerprints for everything from determining a biological mother or father to identifying the suspect of a crime. What, then, is a DNA fingerprint and how is it made? Here, you ll find out by solving a mystery a crime of sorts. First, you ll create a DNA fingerprint (we ll supply the lab and all necessary materials). Then you ll compare this DNA fingerprint to those of all seven suspects to nab the perpetrator. Ready? Let s get to work!

    Launch Interactive

    Assemble a virtual DNA fingerprint and use it to identify the culprit in a hypothetical crime.

    In the last 15 years, DNA has played an increasingly important role in our legal system. Tissue evidence is now routinely collected during criminal investigations in hopes that it will provide genetic clues linking suspected criminals to crimes.

    DNA profiles help forensic investigators determine whether two tissue samples — one from the crime scene and one from a suspect — came from the same individual. Fortunately, the genetic comparison doesn t require that investigators look at all of the DNA found in the tissue samples. That would take months or even years. Instead, by marking a small number of segments of DNA in one sample and then checking for the presence or absence of those segments in the other sample, investigators can say with some assurance whether the samples are from the same person.

    How do they do it? Investigators use chemicals to cut the long strands of DNA into much smaller segments. Each segment has a specific length, but all of them share the same repeating sequence of bases (or nucleotides). The chemicals cut the segments at the beginning and at the end of the repeating string of nucleotides, so one segment might be ATCATCATCATCATC, for example, while another might be ATCATC. (The DNA segments used in forensic investigations are, of course, much longer than this.)

    Investigators use a process called gel electrophoresis to separate these repeating segments according to length. Next, they introduce a small set of radioactive markers to the sample. These markers are segments of DNA of known length, with bases that complement the code of, and bind to, sample segments of the same length. The sample segment above (ATCATCATCATCATC), for example, would be tagged by a marker with the complementary code TAGTAGTAGTAGTAG.

    Markers that do not bind to sample segments are then rinsed away, leaving in place only those markers that bound to complementary sample segments. Photographic film, which darkens when exposed to the radioactive markers, identifies the location of all marked sample segments. This film, then, becomes the DNA fingerprint that forensic investigators analyze.

    The final step is a relatively simple matter of lining up the sample profiles side by side and comparing them for the presence or absence of segments with particular lengths. The more segments the two samples have in common, the more likely it is that the samples came from the same person.

    SANS – Information Security Resources #computer #security #training, #network #security, #information #security, #security #courses, #security


    IDFAQ: What is host based Intrusion Detection?

    Host-based ID involves loading a piece or pieces of software on the system to be monitored. The loaded software uses log files and/or the system’s auditing agents as sources of data. In contrast, a network- based ID system monitors the traffic on its network segment as a data source. Both network-based and host-based ID sensors have pros and cons, and in the end, you’ll probably want to use a combination of each. The person responsible for monitoring the IDS needs to be an alert, competent System Administrator, who is familiar with the host machine, network connections, users and their habits, and all software installed on the machine. This doesn’t mean that he or she must be an expert on the software itself, but rather needs a feel for how the machine is supposed to be running and what programs are legitimate. Many break-ins have been contained by attentive Sys Admins who have noticed something “different” about their machines or who have noticed a user logged on at a time atypical for that user.

    Host-based ID involves not only looking at the communications traffic in and out of a single computer, but also checking the integrity of your system files and watching for suspicious processes. To get complete coverage at your site with host-based ID, you need to load the ID software on every computer. There are two primary classes of host-based intrusion detection software: host wrappers/personal firewalls and agent-based software. Either approach is much more effective in detecting trusted-insider attacks (so-called anomalous activity) than is network-based ID, and both are relatively effective for detecting attacks from the outside.

    Host wrappers or personal firewalls can be configured to look at all network packets, connection attempts, or login attempts to the monitored machine. This can also include dial-in attempts or other non-network related communication ports. The best known examples of wrapper packages are TCPWrappers ( ) for Unix and Nuke Nabber ( for Windows. Personal firewalls can also detect software on the host attempting to connect to the network, such as WRQ’s AtGuard ( ).

    In addition, host-based agents may be able to monitor accesses and changes to critical system files and changes in user privilege. Well-known commercial versions include products from AXENT (acquired by Symantec ), CyberSafe, ( ) ISS, ( ) and Tripwire ( ). (There’s also an Academic Source Release of Tripwire available if your site is an academic department of a state university.)

    In addition, UNIX has a rich set of software tools to perform intrusion detection. No one package will do everything, and the software should be tailored to the individual computer that’s being monitored. For example, if a machine has only a handful of users, perhaps only the connections from the outside and the integrity of the system files need to be monitored; whereas, a machine with a lot of users or network traffic may need more stringent monitoring. Types of software that help monitor hosts include: system and user log files (syslog); connectivity monitoring (TCPwrappers, lastlog); process monitoring (lsof ( ), process accounting); disk usage monitoring (quotas); session monitoring (options to ftpd to log all file transfers, process accounting); system auditing (audit).

    UNIX host-based intrusion detection is only as good as the logging that’s done. Programs can be written to analyze log files and alert the Sys Admin via e-mail or pager when something is amiss. System logging output can be sent to a remote site or modified, so that the log files are put into non-standard places to prevent hackers from covering their tracks. With the prevalence of hacking scripts, home-brew monitoring can be set up to watch for specific instances of break-ins. Some “must-reads” for the Sys Admin new to host-based intrusion is Practical Unix & Internet Security by Simson Garfinkel and Gene Spafford, (2nd edition, published by O’Reilly) and Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response, by Edward Amoroso”, (published by Intrusion.Net Books). Manual pages for network daemons give information on how to produce logging. Any of the xxxstat programs (vmstat, netstat, nfsstat) or software like t!’op ( ) can help point out suspicious activity. Know your system, and know it well.

    A truly effective IDS will use a combination of network- and host-based intrusion detection. Figuring out where to use each type and how to integrate the data is a real and growing concern.

    Laurie Zirkle, CSE
    Virginia Tech CNS